Application No.: 09/878,536 

Reply to Office Action dated: December 20, 2004 

Reply dated: June 20, 2005 



Remarks 

The above Amendments and these Remarks are in reply to the Office Action mailed 
December 20, 2004. An appropriate Petition for Extension of Time to Respond is submitted 
herewith, together with the appropriate fee. 

I. Summary of Examiner's Rejections 

Prior to the Office Action mailed December 20, 2004, Claims 1-39 were pending in the 
Application. In the Office Action mailed December 20, 2004, Claims 7, 24, 30-33 and 36-37 were 
rejected under 35 U.S.C. 112 as being indefinite for failing to particularly point out and distinctly claim 
that which Applicant regards as the invention. Claims 1, 2, 5-13, 15, 17-19, 22, 30, 32 and 34-39 
were rejected under 35 U.S.C. 102(e) as being anticipated by Wiederhold (U.S. Patent No. 
6,226,745). Claims 3, 4, 14, 16, 20, 21, 31 and 33 were rejected under 35 U.S.C. 103(a) as being 
obvious over Wiederhold in view of java.sun.com and/or javaworld.com. 

II. Summary of Applicant's Amendments 

The present Response amends Claims 1, 7, 18, 24, 30, 35 and 36, leaving for the 
Examiner's present consideration Claims 1-39. Reconsideration of the Application, as amended, 
is respectfully requested. Applicant reserves the right to prosecute any originally presented claims 
in a continuing or future application. 

III. Rejections under 35 U.S.C. §112 
Claims 7, 24, 30-33, 36 and 37 

In the Office Action mailed December 20, 2004, Claims 7, 24, 30-33 and 36-37 were rejected 
under 35 U.S.C. 112 as being indefinite for failing to particularly point out and distinctly claim that 
which Applicant regards as the invention. Accordingly, Claims 7, 24, 30 and 35 have been amended 
by the current Response to correct any indefiniteness. Applicant respectfully submits that the 
claims as amended, together with the claims dependent therefrom, now properly conform to the 
requirements of 35 U.S.C. 112, and reconsideration thereof is respectfully requested. 

IV. Rejections under 35 U.S.C. §102 

In the Office Action mailed December 20, 2004, Claims 1, 2, 5-13, 15, 17-19, 22, 30, 32 and 
34-39 were rejected under 35 U.S.C. 102(e) as being anticipated by Wiederhold (U.S. Patent No. 
6,226,745). 

Claim 1 

Claim 1 has been amended by the current Response to more clearly define the embodiment 
of the invention therein. As amended, Claim 1 defines: 

1. (Currently Amended) A security system for allowing a client to access a protected 
resource or application, said application including an application container, comprising: 

an application interface mechanism for receiving a request from a client to access 
a protected application, and communicating said request to a security service, wherein the 
client makes the request on the application container, and the application container calls the 
security service with the request and a callback; 

a security service for making a decision to permit or deny said request, wherein the 
security service includes a plurality of security providers that may be plugged into the 
security service, and wherein the security providers use the callback handler to request 
context information from the application container for the request, and wherein depending 
on the output from the security providers the security service determines an entitlement for 
the client to use with the protected application; and 

a resource interface for communicating permitted access requests to said protected 
application. 

Claim 1, as currently amended, defines an application interface mechanism for receiving a 
request from a client to access a protected application. The client makes the request on the 
application container, and the application container calls the security service with the request and 
a callback. The security service includes a plurality of security providers that may be plugged into 
the security service, and which use the callback handler to request context information from the 
application container for the request. Depending on the output from the security providers, the 
security service determines an entitlement for the client to use with the protected application. 

The advantages of the system defined by Claim 1 include that security may be expressed 
from the point of view of an application instead of the infrastructure. Traditional security 
mechanisms tend to be context-less since they are based solely on permissions granted a principal 
for a given resource; therefore, the only types of authorization decisions that can be made are 
whether the principal has the necessary permissions to access the resource. In accordance with 
Claim 1, a pluggable architecture allows security and business logic plugins to be inserted into a 
security service hosted by a server, and to control access to one or more secured resources. A 
request context may include the identity of the target object, the value of the parameter of the 
request, and potentially environmental information such as the network or IP address of the initiating 
client. The providing of context information without prior knowledge is accomplished by using 
callbacks to the containers from the authorization provider. The container delegates authorization 
decisions to the security service when the container later makes a request to access a protected 
resource, thus moving the point of enforcement from the container to the security service. 
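
The callback-driven flow described above can be sketched as follows. This is an added illustration, not code from the Application or from any product: every class, function and context key name is hypothetical, and the deny-overrides rule for combining provider outputs is an assumption the text does not specify.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

PERMIT, DENY, ABSTAIN = "permit", "deny", "abstain"
Request = namedtuple("Request", "principal resource action")

class PermissionProvider:
    """Context-less check: only principal, resource and action are consulted."""
    def __init__(self, grants):
        self.grants = grants
    def decide(self, req, callback):
        ok = (req.resource, req.action) in self.grants.get(req.principal, set())
        return PERMIT if ok else DENY

class TransferLimitProvider:
    """Business rule: asks the container for a request parameter via the callback."""
    def __init__(self, limit):
        self.limit = limit
    def decide(self, req, callback):
        if req.action != "transfer":
            return ABSTAIN
        amount = callback("param:amount")
        # Fail closed when the container cannot supply the context.
        return PERMIT if amount is not None and amount <= self.limit else DENY

class NetworkProvider:
    """Environmental rule: asks the container for the client's IP address."""
    def __init__(self, cidr):
        self.network = ip_network(cidr)
    def decide(self, req, callback):
        addr = callback("client_ip")
        return PERMIT if addr and ip_address(addr) in self.network else DENY

class SecurityService:
    def __init__(self, *providers):
        self.providers = list(providers)  # pluggable: any object with decide()
    def is_permitted(self, req, callback):
        votes = [p.decide(req, callback) for p in self.providers]
        return DENY not in votes and PERMIT in votes  # assumed: deny overrides

def container_invoke(service, req, params, client_ip):
    """Container side: pass the request plus a callback, then enforce the answer."""
    context = {"client_ip": client_ip, **{f"param:{k}": v for k, v in params.items()}}
    asked = []
    def callback(key):
        asked.append(key)  # record which context the providers asked for
        return context.get(key)
    return service.is_permitted(req, callback), asked
```

With only `PermissionProvider` plugged in, a principal holding the permission is allowed regardless of the amount or source address; adding the other two providers makes the same request subject to context the container supplies on demand.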

Wiederhold discloses a security mediator system for use in a computer system having a 
database of information to be shared with authorized users in accordance with pre-defined 
constraints. A rules database stores rules, including query pre-processing rules and query results 
post-processing rules. (Abstract). Retrieved results are validated before transmission of the 
retrieved information to the requestor. (Column 3, lines 46-49). The security mediator uses rules 
to determine the validity of every query and make decisions pertaining to the dissemination of 
information. The system helps the security officer enter appropriate rules and update them as the 
security needs of the organization change. The rules are preferably simple, short and 
comprehensive. They are stored in the rules database with all edit rights restricted to the security 
officer. Once the rules are entered into the system by the officer, all the rules applicable to a 
particular user will be checked for every query issued by that user in every session. (Column 5, 
lines 36-58). 

It appears from the above description that, in Wiederhold, a security officer (or officers) 
enters a set of rules into a central rules database. During a particular session, each time a query 
is issued by a user, the rules in the rules database are checked. Appropriate rules for that user are 
applied, (including where applicable both query pre-processing rules and query results 
post-processing rules), before transmission of the requested information back to the user. 

However, Applicant respectfully submits that Wiederhold appears to disclose an otherwise 
traditional security mechanism, wherein the infrastructure itself (the mediator) is the single point-of- 
enforcement that makes all of the security decisions; the difference being that, in Wiederhold, the 
mediator is designed as a two-way "fence" that intercepts queries coming in and, likewise, results 
going out. (Column 4, lines 57-59). Applicant respectfully submits that Wiederhold does not appear 
to disclose or suggest a security service that includes a plurality of security providers that may be 
plugged into the security service, and wherein the security providers use the callback handler to 
request context information from the application container for the request, and wherein depending 
on the output from the security providers the security service determines an entitlement for the client 
to use with the protected application, as defined by Claim 1. 

In view of the above comments, Applicant respectfully submits that Claim 1 is neither 
anticipated by, nor obvious in view of the cited references, and reconsideration thereof is respectfully 
requested. 

Claims 18 and 35 

The comments provided above with respect to Claim 1 are incorporated herein by reference. 
Claims 18 and 35 have been amended similarly to Claim 1 to more clearly define the embodiment 
therein. For similar reasons as provided above with respect to Claim 1, Applicant respectfully 
submits that Claims 18 and 35 are likewise neither anticipated by, nor obvious in view of the cited 
references, and reconsideration thereof is respectfully requested. 

Claims 2, 5-13, 15, 17, 19, 22, 30, 32, 34 and 36-39 

Claims 2, 5-13, 15, 17, 19, 22, 30, 32, 34 and 36-39 are not addressed separately but it is 
respectfully submitted that these claims are allowable as depending from an allowable independent 
claim and further in view of the comments provided above. Applicant respectfully submits that these 
claims are similarly neither anticipated by, nor obvious in view of the cited references, and 
reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant reserves the right to argue these limitations should it become 
necessary in the future. 

V. Rejections under 35 U.S.C. §103 
Claims 3, 4, 14, 16, 20, 21, 31 and 33 

In the Office Action mailed December 20, 2004, Claims 3, 4, 14, 16, 20, 21, 31 and 33 were 
rejected under 35 U.S.C. 103(a) as being obvious over Wiederhold (U.S. Patent No. 6,226,745) in 
view of java.sun.com and/or javaworld.com. 

Claims 3, 4, 14, 16, 20, 21, 31 and 33 are not addressed separately but it is respectfully 
submitted that these claims are allowable as depending from an allowable independent claim and 
further in view of the comments provided above. Applicant respectfully submits that these claims 
are similarly neither anticipated by, nor obvious in view of the cited references, and reconsideration 
thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant reserves the right to argue these limitations should it become 
necessary in the future. 

VI. Conclusion 

In light of the above, it is respectfully submitted that all of the claims now pending in the 
subject patent application should be allowable, and reconsideration is respectfully requested. The 
Examiner is respectfully requested to telephone the undersigned if he can assist in any way in 
expediting issuance of a patent. 

Enclosed is a PETITION FOR EXTENSION OF TIME UNDER 37 C.F.R. § 1.136 for 
extending the time to respond up to and including June 20, 2005. 

The Commissioner is authorized to charge any underpayment or credit any overpayment 
to Deposit Account No. 06-1325 for any matter in connection with this response, including any fee 
for extension of time, which may be required. 



Respectfully submitted, 



Date: 




By: 




Karl F. Kenna 
Reg. No. 45,445 



FLIESLER MEYER LLP 
Four Embarcadero Center, Fourth Floor 
San Francisco, California 94111-4156 
Telephone: (415) 362-3800 